2018-tschantz-bestiary

A Bestiary of Blocking: The Motivations and Modes behind Website Unavailability

Michael Carl Tschantz, Sadia Afroz, Shaarif Sajid, Shoaib Asif Qazi, Mobin Javed, Vern Paxson · Free and Open Communications on the Internet · 2018

canonical link →

Tags

censors: generic
techniques: dpi dns-poisoning ip-blocking rst-injection

findings extracted from this paper

Across 85,421 Cloudflare-hosted domains crawled from five vantage points, 524 websites employed country-based blocking (Cloudflare error 1009). Ukraine (VPN) received 313 geo-blocks while Scotland (same VPN provider) received only 175, suggesting that IP/ASN reputation or exit-node characteristics cause significant variation in observed blocking rates even when controlling for the access method.

§4, Table 2 evaluation ip-blocking generic
Because a disproportionate number of Tor exit nodes are located in the EU, GDPR-motivated blanket blocking of EU IP ranges creates collateral access restrictions for Tor users globally. This illustrates that privacy-protective legislation and censorship-circumvention infrastructure can have directly competing effects when server-side enforcement is implemented via coarse geographic IP filtering.

§7 policy ip-blocking generic
After GDPR took effect on May 25, 2018, 74 websites that had previously served all three EU vantage points (London, Sofia, Frankfurt) began blocking them; 40 returned explicit 'Blocked due to GDPR' blockpages with HTTP 403, 7 used HTTP 451 Unavailable For Legal Reasons, and all 47 sites with explicit blockpages were local news outlets.

§6, Table 3 evaluation ip-blocking generic
Ukraine and Scotland both used the same VPN provider yet Ukraine received 1,874 CAPTCHA challenges vs. 309 for Scotland, and 1,519 browser verification challenges vs. 1,091 — a roughly 6× and 1.4× difference respectively. Only Ukraine was flagged as a VPN or Tor node by OctoNet's HTTP filter, indicating that IP/ASN reputation drives security-motivated blocking independently of the transport protocol used.

§5, Table 2 detection ip-blockingml-classifier generic
The paper enumerates at least eight distinct non-censorship motivations for server-side geo-blocking — economic sanctions, third-party liability (SESTA), copyright, GDPR compliance, security/fraud concerns, hosting costs, revenue optimization, and misconfiguration — each of which can produce the same observable signals (403 blockpages, DNS failures, TCP resets) as government censorship. Naive measurement methods that treat all location-based unavailability as censorship will produce systematic false positives.

§2, Table 1 policy measurement-platformmiddlebox-interference generic